SOC 2 and its Benefits

Learning objectives
  • Learn what SOC 2 is
  • See the implications of not having a SOC 2 report 
  • Learn the benefits of having a SOC 2 report
  • Understand why SOC 2 is important for companies that provide log management

What is SOC 2 

SOC stands for Service and Organization Controls, and it was introduced by the AICPA (American Institute of Certified Public Accountants). A SOC 2 report focuses on the Trust Service Principles (TSPs) and serves to educate the user entity about processes that affect the security, availability, processing integrity, confidentiality, or privacy of its data. Currently, LogDNA complies with the Security, Confidentiality, and Availability criteria.


Benefits of a SOC 2 Report

SOC 2 is a type of audit report that attests to the trustworthiness of services provided by a service organization. The report is commonly used to assess the risks associated with software service providers that store customer data.

Without a SOC 2 report, each one of a service provider’s customers (or potential customers) may have to perform an audit of the services before they can buy them, and then repeat that audit annually. That’s a big commitment to make before purchase. Most companies don't have the time, money, or full security team to audit a critical vendor. Work must move forward, and to get the job done, you sometimes have to share sensitive data. That’s where the SOC 2 report comes in. Through a company’s annual SOC 2 Type 2 audit (which is always performed by independent, unbiased, third-party auditors), the company shows its commitment to security and the protection of sensitive data.

Any organization can claim that they are properly securing the data of their customers, but a SOC 2 report, backed by AICPA standards, is indisputable evidence of that claim. Data security is rapidly becoming the top priority of companies as major corporations are more readily affected by data breaches. The ability to show strong security controls is a key component of marketing a SOC 2 report. 

The assurances provided by a SOC audit can increase profit, reduce risk, strengthen a company’s brand, and create a competitive advantage. Additionally, customers can be assured that the procedures and controls are in place and that the software service provider can provide quality and reliable services.


Why SOC 2 is Important for a Log Management Company   

Log management is a critical function for nearly every organization to understand and manage its systems and applications. In today’s world, the security, confidentiality, and availability of log data are a top priority for these businesses, whether they directly manage their logs or work with digital services like website providers and payment processors.

Logs contain sensitive information about systems and applications, which is why having a trusted logging provider is essential. When choosing a log management vendor, you must understand what type of data they will store and what security controls they have in place for the protection of your data. Every log management company should have a SOC 2 Type II report ready to share, and if they don't, you should insist on their achieving that as a part of your client contract.

Shaikh Qadir